AI agents need API keys, database passwords, and tokens to do their jobs, but today those credentials get scattered across .env files, hardcoded configs, and shared secrets with no access control. agent-vault gives every agent its own encrypted identity. Secrets are encrypted locally using age encryption and stored in a Git repo as ciphertext. No server. No SaaS. No trust in the Git provider required. The repo is just an encrypted blob store with built-in versioning and collaboration.